Microsoft Internet Explorer Two Vulnerabilities

cyber flash has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to bypass a security feature in Microsoft Windows XP SP2 and trick users into downloading malicious files.

Details

  • Microsoft Windows XP SP2 has a security feature which warns users when opening downloaded files of certain types. The problem is that if the downloaded file was sent with a specially crafted "Content-Location" HTTP header in some situations, then no security warning will be given to the user when the file is opened.

  • An error when saving some documents using the Javascript function "execCommand()", can be exploited to spoof the file extension in the "Save HTML Document" dialog.
Solution:
  • Disable Active Scripting support and the "Hide extension for known file types" option.
News source: Secunia
Report a problem with article
Next Article

Avant Browser 10.0 Build 033

Previous Article

Try scratching this DVD